Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Ada Spinelli

Russia and Cybercrime: A Balance Between Selective Repression and State Interest

The Russian cybercrime ecosystem has entered a phase of profound transformation, triggered by a combination of factors: unprecedented international pressure from law enforcement agencies, a shift in domestic priorities, and the persistent, yet evolving, links between organized crime and the Russian state. A key event was Operation Endgame, launched in May 2024, a multinational initiative aimed at targeting ransomware groups, money laundering services, and related infrastructure, including within Russian jurisdictions. In response, Russian authorities conducted a series of high-profile arrests and seizures. These actions mark a departure from Russia’s historical stance of near-total non-interference with domestic cybercriminals. The traditional concept of

Zscaler Data Breach: Lessons Learned About the Evolution of SaaS Threats

Zscaler’s recent confirmation of a data breach resulting from a supply chain attack provides a case study in the evolution of threats against complex SaaS ecosystems. The attack, attributed to the APT group UNC6395, exploited vulnerabilities in the handling of OAuth credentials and the API trust model in integrations between third-party applications and cloud platforms. According to initial analysis, the entry point was the abuse of the Salesloft Drift-Salesforce integration. The actor exfiltrated valid OAuth tokens, allowing direct access to Salesforce endpoints without having to interact with traditional authentication systems (e.g., MFA or session cookies). This vector exploits an inherent weakness in the